Many Miles Awayhttps://darrylmiles.wordpress.com
Darryl Miles, IT guy from Down UnderSat, 21 Oct 2017 00:32:36 +0000enhourly1http://wordpress.com/https://secure.gravatar.com/blavatar/c5eb7b144c9e539478b070ade71b7b2a?s=96&d=https%3A%2F%2Fs2.wp.com%2Fi%2Fbuttonw-com.pngMany Miles Awayhttps://darrylmiles.wordpress.com
Enable secure mobile Intranet access in less than 30 minutes with IBM MaaS360https://darrylmiles.wordpress.com/2016/05/26/enable-secure-mobile-intranet-access-in-less-than-30-minutes-with-ibm-maas360/
https://darrylmiles.wordpress.com/2016/05/26/enable-secure-mobile-intranet-access-in-less-than-30-minutes-with-ibm-maas360/#respondThu, 26 May 2016 13:09:36 +0000http://darrylmiles.wordpress.com/?p=1175]]>Many organisations provide mobile access to corporate email/calendar services. Enabling more advanced collaboration services can be more complex and expensive to deploy. MaaS360 offers a new approach to deploy a range of new mobile collaboration services:

These services can be accessed without the need to deploy a more powerful and typically expensive VPN solution.

Clients love MaaS360’s unified mobility management features and new mobile application and App Catalog look and feel as shown below:

Mobile collaboration is enabled by deploying the MaaS360 Cloud Extender/Enterprise Gateway on-premises. This provides a micro-VPN service from your company Intranet to the MaaS360 application on each device protected by FIPS 140-2 compliant / AES-256 encryption. Regardless of the security of the mobile device, MaaS360 protects all information inside of the encrypted MaaS360 application.

This article steps you through the steps to enable this capability in less than 30 minutes.

Step 1: Start your free 30 day MaaS360 production trial

If you haven’t already, go to MaaS360.com/trial and enter your details to start a MaaS360 trial. This is a production trial so everything you configure / setup is available beyond the trial period without any activation charges.

Once you’ve started a trial, enrol a number of devices and get familiar with the MaaS360 portal. The MaaS360 administrator portal is very easy to use, however you can also review this video which provides a great overview.

Step 2: Install the MaaS360 Cloud Extender

Next install the MaaS360 Cloud Extender (CE) on an internal Windows server. This allows you to connect on-premises resources such as Active Directory, Certificate Authorities to the MaaS360 SaaS service. You can follow the instructions here to install and configure the CE.

Step 3: Install and configure the Mobile Enterprise Gateway (MEG)

The following instructions detail how to enable the Enterprise Gateway as a feature within the Cloud Extender.

Next contact our ops team via the 24×7 technical chat service and ask for the Enterprise Gateway service to be enabled for your trial account. Also advice them to select either the US, Europe or AP hub if you use the MEG in relay mode.

Next select Setup – Services and enable Enterprise Gateway

Start the Cloud Extender Configuration Tool and select Enterprise Gateway. Select either Active Directory or LDAP directory using the same configuration you used for User Authentication/User Visibility.

The config tool will perform a number of checks for connectivity and Active Directory authentication:

Next select the Standalone configuration mode, choose a name for your MEG gateway (ie. in my case I chose MEG1-AP) and the gateway Relay mode. You should then see in the drop down box the correct relay server.

It’s important to ensure you select WebDav Server Setup for Network File Share access. You might also like to select the checkbox to re-use the user’s credentials.

Ensure you do not select Internet Proxy Settings. This will route all requests for your intranet to a proxy first. Only select this feature if really needed.

Next within the MaaS360 Workplace persona policy, enable the following services:

Next under Browser – Enterprise Gateway, select your MEG gateway and choose the DNS wildcard for all your Intranet services.

From your mobile device using the MaaS360 secure browser, you should be able to access your company Intranet as shown.

Next from the MaaS360 administrator portal, select Docs – Content Sources. Add a Windows File share using the example below. It’s important to get the Folder path correct including upper/lower case letters. Ensure you can browse to the file share without any issues from the Cloud Extender server itself.

From your mobile device, you should be able to also access the documents from the file share from with the MaaS360 Docs application as shown:

That’s it ! As you can see, it’s quick and easy to provide company information securely to your mobile workforce. With the comfort that this information is protected and leveraging additional mobile services such as MaaS360 Threat Protection (integrated anti-malware for iOS and Android).

If you would like further information, please ask a question on the new MaaS360 forum or contact me directly via my blog contact page.

IBM MaaS360 resonates with our clients when we detail it’s unique unified mobility management capabilities. This management is available across a wide variety of mobile, PC and Mac devices. MaaS360 was recently named the clear leader in the Forrester Wave: Enterprise Mobile Management, Q4 2015 report.

The following article outlines ten solution capabilities, which are unique to the enterprise mobility management (EMM) market.

#1 – Fastest Time to Trust (Trial and On-premises components)

The MaaS360 solution is unique, in that anyone can easily start a production trial in just a few minutes. Simply go to www.maas360.com/trial and start a free 30-day trial of our solution. As part of the 30 day trial you’ll be provided technical assistance as you need it at anytime (via remote Webex or 24×7 chat service).

The trial is in our production service, so you can the validate how easy our solution is to use. When you wish to proceed as an active client, there is no additional migration effort or activation fees. Your account status is changed in a few minutes, it’s that easy.

Likewise, the on-premises components are very easy to setup and configure. For the example the Cloud Extender is a small Windows executable (which can be downloaded from the MaaS360 portal). The MaaS360 Cloud Extender (CE) communicates outbound to our SaaS platform on port 443, so is very firewall and proxy friendly. You can typically install and setup the cloud extender in less than 30 minutes. The Enterprise Gateway is now an activated module as part of the CE, so also very easy to enable too.

#2 – Multi Tenant Hierarchy for Mobile Service Providers (MSPs)

As mentioned in a previous post, IBM MaaS360 provides inherant multi-tenancy services, which provides the following services for a MMS organisation:

Multi-Tenant Hierarchy

Easily supports multi-channel model

Easily onboard new customers/partners

Single login to manage customers

Branding

Dashboards and Reports

This is depicted in the following diagram:

The key benefit for MSPs (and large organisations) is the speed and simplicity in managing large number of devices with complete separation (client or division). The ability for an MSP to provide their clients a unique trial URL is very compelling. This allows an MSP’s client to start a production trial in less than 3 minutes.

#3 – Flexible Branding Options

Various elements of MaaS360 can be easily branded via the MSP portal. This includes the trial registration page, service name, portal logo etc. Elements of MaaS360 can also be branded for each client of the MSP too (such as inside the Secure Productivity Suite, the logo can be changed).

#4 – Secure Container for iOS, Android and Windows Phone

MaaS360 Secure Productivity Suite (secure container) keeps your staff work services in one secure easy-to-use app. They can manage all their emails, contacts, calendars, enterprise applications and the web (+intranet) from an isolated workspace on their mobile devices.

This is great for BYOD and is available for iOS, Android and even Windows Phone ! The application is fully encrypted (includes FIPS 140-2 compliant, AES-256 encryption for iOS, Android and Windows Phone) so doesn’t rely on any device encryption or policies.

#5 – Integrated Mobile Threat Management

MaaS360 is the only leading EMM with integrated mobile anti-malware capability. This includes anti-malware services for iOS and Android.

Threat Management detects, analyses and remediates mobile risks delivering a new layer of security (without the need of another application or system). Threat Protection leverages IBM Security Trusteer® using over the air updates to protect against:

MaaS360 has a number of unique PC and Mac Management capabilities, even for older operating systems as far back as Windows XP!

The following is a summary of MaaS360’s PC and Mac services:

Gain Instant Insight

Hardware inventory

Software inventory

Security & compliance

Custom attributes

Operating system details, patch levels

Location history

Take Immediate Action

Enroll over-the-air

Locate, lock, restart or shutdown device

Deploy OS patches for latest security updates

Distribute software and documents

Send message

Wipe the hard drive

Update Antivirus definitions

Patch Management (Windows)

I highlighted some of those unique capabilities above in bold. With MaaS360 you can distribute software to Windows PC and Apple Mac OS X.

#8 – MaaS360 can work alongside an existing MDM

For those clients who have an existing MDM and cannot yet change, MaaS360 can also work alongside those MDM solutions. For example, iOS only allows one MDM solution to be managing a device at a time. MaaS360 can still be deployed to provide a secure productivity suite or enterprise application distribution capabilities.

This capability has proven effective for clients who have struggled with an existing legacy MDM solution. Particularly those solutions which struggle to scale with larger numbers of enterprise applications.

#9 – SaaS scalability and automatic updates & monitoring

The MaaS360 multi-tenant SaaS service provides a number key benefits. Clients are always on the latest version of the product and new mobile features from iOS, Android and Windows Phone. This delivers much faster time-to-value than any on-premises solution, with set-up measured in minutes. See here for further information.

In addition, the on-premises components included integrated health check and monitoring services. This is particularly valuable for clients and mobile service providers (as no customer monitoring is required)

#10 – Readily Delivered MaaS360 Packages (Per device/Per User)

With MaaS360 clients pay only for what you need, when you need it: start managing a small group of users now, and scale upwards as needed. Clients can choose the license bundles they need, plus IBM can provide a fixed MaaS360 licensing in Australian or New Zealand dollar licensing. Both per device or per user (unlimited number of devices) is available.

When we’ve outlined some of the above features with organisations, they recognise how MaaS360 can provide a powerful platform for their clients. Of course, if you would like to try out MaaS360, you can register for a free 30-day trial by going to www.maas360.com/trial.

If you would like further information, you can contact me via my blog contact page.

Many clients also turn to external IT services providers (particularly Mobile Service Providers) to operate their mobile infrastructure and BYOD initiatives. With Mobile Managed Services (or MMS) are expected to grow at around 27% per year through 2016, it’s a strategic managed service provider capability. Therefore, MaaS360 can provide the perfect platform for any MSP organisation of any size.

MaaS360 – Built with multi-tenancy services

Analysts and clients recognise MaaS360 provides a mature shared-processing multi tenant architecture, which is the best-in-class cloud among ranked EMM vendors. MaaS360 initially provided management of Windows PCs and Mac OS X (which is why it can managed older operating systems as old as Windows XP SP3!) The platform has evolved to support a large variety of mobile operating systems including a secure productivity suite (or container) for iOS, Android and Windows Phone.

MaaS360 provides inherant multi-tenancy services, which provides the following services for a MMS organisation:

Multi-Tenant Hierarchy

Easily supports multi-channel model

Easily onboard new customers/partners

Single login to manage customers

Branding

Dashboards and Reports

This is depicted in the following diagram:

These services are provided on a highly secure platform, which is all managed by IBM. For example, IBM MaaS360 is the only Unified Endpoint Management (Mobile and PC including Windows XP, 7, 8, 10 & OSX) SaaS platform have successfully completed a SOC 2 Type II audit since 2007. In addition, MaaS360 also has FedRAMP mobile authorisation. With IBM MaaS360, your clients data is safe.

Benefits of using MaaS360 for an MSP

The MaaS360 MSP portal can allow an authorised administrator to create and manage separate customer accounts. Each customer account is completely separate from the other. This allows an MMS complete visibility and control of each customer they are managing.

Account ManagementVia the MaaS360 portal each mobile managed services provider can generate their own trial registration URL. This allows MMS to allow clients to start production trials within a few minutes in their own MSP portal. This URL can include associated branding and customisation. A good example is the trial registration link for O2 in the UK.

BrandingVarious elements of MaaS360 can be easily branded via the MSP portal. This includes the trial registration page, service name, portal logo etc. Elements of MaaS360 can also be branded for each client of the MSP too (such as inside the Secure Productivity Suite, the logo can be changed).

ReportingMaaS360 provides a range of client and MSP reports. For example an MSP can easily see what clients are in a trial phase and which are production:

The good news for an MSP, is that there is no charge to change a trial account to a customer (live) account. It’s simply a change of status from within the portal. Each client will have been testing using a production service.

Integrate to on-premises systems with certaintyThe MaaS360 on-prem components such as the Cloud Extender and Enterprise Gateway can be installed and activated within a few minutes. The CE/MEG are integrated into a single installer, and communicate to the MaaS360 cloud via port 443 (and via customer proxy systems). The CE/MEG provide health check alerts, which provide alerts to an administrator if the CE or associated systems such as Active Directory or Exchange is unavailable.

For an MSP organisation, all of these features result in less installation and ongoing effort to manage and maintain.

Unified ManagementMSP organisations are also branching into other platforms such as PC and Mac management (which have traditionally been serviced by on-prem solutions). MaaS360 can provide a range of more advanced services that other MDM solutions don’t provide. For example:

Integrated Threat ProtectionMaaS360 is the only leading EMM with integrated mobile anti-malware capability. This includes anti-malware services for iOS and Android. Here is a link to a great video overview.

Power your MSP business with MaaS360

MSP organisations are looking unified endpoint management solutions with zero infrastructure requirements. When we’ve outlined some of the above features with organisations, they recognise how MaaS360 can provide a powerful platform for their clients. Of course, if you would like to try out MaaS360, you can register for a free 30-day trial by going to www.maas360.com/trial.

If you would like further information, you can contact me via my blog contact page.

Darryl

]]>https://darrylmiles.wordpress.com/2016/01/15/enabling-carriers-and-msps-in-the-cloud-mobile-era-with-ibm-maas360s-multi-tenant-capabilities/feed/0vtdarrylMaaS360 multitenant architecturemaas360 certsMaaS360 MSP portalMaaS360 MSP Account OverviewMaaS360 CE Health CheckDon’t Drown in a Sea of Cyberthreatshttps://darrylmiles.wordpress.com/2015/11/19/dont-drown-in-a-sea-of-cyberthreats/
https://darrylmiles.wordpress.com/2015/11/19/dont-drown-in-a-sea-of-cyberthreats/#respondThu, 19 Nov 2015 02:52:00 +0000http://darrylmiles.wordpress.com/?p=1007]]>Security teams can be overwhelmed by a sea of vulnerabilities–without the contextual data to help them focus their efforts on the weaknesses that are most likely to be exploited. Cyberthreats need to be stopped before they cause significant financial and reputational damages to an organization. You need a security system that can detect an attack, prioritise risks and respond within minutes to shut down an attack or vulnerability that could compromise your endpoints and data.

My colleague Roshan Royan and I provided an overview of both solutions and how they are seamlessly integrated on the following Webinar (recording).

Thanks to everyone who attended the Webinar!

Darryl

]]>https://darrylmiles.wordpress.com/2015/11/19/dont-drown-in-a-sea-of-cyberthreats/feed/0vtdarrylBusinessman in crisisSetting up IBM BigFix Compliance for PCI DSShttps://darrylmiles.wordpress.com/2015/10/06/setting-up-ibm-bigfix-compliance-for-pci-dss/
https://darrylmiles.wordpress.com/2015/10/06/setting-up-ibm-bigfix-compliance-for-pci-dss/#respondTue, 06 Oct 2015 03:57:15 +0000http://darrylmiles.wordpress.com/?p=974]]>Payment Card Industry Data Security Standard (PCI DSS) is a well know IT security standard for organisations that handle credit card data. The PCI standard is actually mandated by the Payment Card Industry Security Standards Council, and the potential fines for non compliance and ramifications for a business if they hacked can be significant.

For example in 2013 Target was hacked and the credit card details of over 40 million customers were stolen. A report for the US Congress in February 2015 provided some sobering statistics:

“Target has reported data breach costs of $248 million. Independent sources have made back-of-the-envelope estimates ranging from $240 million to $2.2 billion in fraudulent charges alone. This does not include additional potential costs to consumers concerned about their personal information or credit histories; potential fines or penalties to Target, financial institutions, or others; or any costs to Target related to a loss of consumer confidence. The breach was among the largest in U.S. history.”

How can BigFix Compliance assist ?

The PCI DSS standard consists of 12 requirements as outlined here. The BigFix Compliance PCI DSS Add-on provides reporting and compliance services for server and workstations. IBM also provides solutions such as Netcool and Qradar to assist with other network and security components for PCI DSS. So clients have a set of tools to provide a holistic PCI DSS solution.

The continuous monitoring and compliance features of BigFix are well known. In 2012, Orb-Data wrote an excellent article outlining how IBM BigFix (Endpoint Manager) can assist clients in a number of areas of the PCI DSS standard. Previously, clients would develop their own Fixlets for PCI DSS, potentiallly leveraging content shared by the BigFix community or professional services.

In June 2015, IBM released the first set of PCI DSS content, which will be expanded with additional content and features over the next 12 months. An overview video is available here.

Setting up BigFix Compliance

To install BigFix compliance, follow the steps below:

From the IEM console, select BigFix Management, License Overview and find the Security and Compliance section. Next to SCM Reporting select Enable

Click on SCM Reporting, under the Computer Subscriptions tab, change the value from No computers to All computers and select Save Changes

Select Take Action and select the server where BigFix Compliance will operate. The latest installer will be automatically downloaded and sent to the server.

From the nominated BigFix Compliance server, run the ibm_bfc_1.8.exe self-extracting archive located in the “C:\Program Files (x86)\BigFix Enterprise\BES Installers\TEMA” directory

After extracting, open the resulting directory and as an Administrator run the bfc_setup.exe file, which will open the IBM BigFix Compliance install wizard

Follow the steps in the IBM BigFix Compliance install wizard, including the browser-based configuration steps following the completion of the wizard. Some of the screens from my installation are shown below:

Once BigFix Compliance is installed, it automatically launched a web browser and I configured the server. Settings from my install are also shown below:

BigFix Compliance is now installed. BigFix Compliance consists of a wide variety of security such as CIS, DISA STIG, FDCC and USGCB. In the next section we’ll then add PCI DSS too.

Enabling the PCI DSS Add-On

You must be licensed for this feature or ask your local IBMer to have it enabled as a trial. To enable the PCI DSS Add-On, follow the steps below:

From the IEM console, select BigFix Management, License Overview and find the PCI DSS Security and Compliance section. Next to the various checklists such as PCI DSS Checklist for Windows 7 and PCI DSS Checklist for SQL 2012 select Enable

Click on each of the PCI Sites you enabled in the previous step, under the Computer Subscriptions tab, change the value from No computers to All computers and select Save Changes

For each checklist you can enable the require Analysis for specific items where you would like data collected from those endpoints. ie. Analysis – Password requirements. Maximum age should be 90 days. If you enable this Analysis it will collect the Maximum password age setting from all computers.The information from these Analysis can be accessed by selecting Configured View and selecting Measured Values. As shown below:

The PCI DSS checklists will automatically download and be tested against the computers in your environment.

When you login to the BigFix Compliance portal, it will start reflecting compliance information. I’ve included a number of screen captures from my lab environment.

That’s it! BigFix Compliance for PCI DSS is now up and running and you can easily report on your compliance. If you have any problems, please post your query to the new Bigfix forum. If you’re interest in more details, please contact me.

Darryl

]]>https://darrylmiles.wordpress.com/2015/10/06/setting-up-ibm-bigfix-compliance-for-pci-dss/feed/0vtdarrylpci dss logoSCA - 1SCA - 2SCA - 3SCA - 4SCA Config - 1SCA Config - 2SCA Config - 3SCA Config - 4measured values - 1measured values - 2Is your organisation ready for iOS 9?https://darrylmiles.wordpress.com/2015/08/31/is-your-organisation-ready-for-ios-9/
https://darrylmiles.wordpress.com/2015/08/31/is-your-organisation-ready-for-ios-9/#respondMon, 31 Aug 2015 12:55:46 +0000http://darrylmiles.wordpress.com/?p=967]]>With the release of iOS9 just around the corner, is your organisation ready? Your staff will be eager to upgrade to the latest capabilities once the final release is made available. No longer can you ask your staff not to upgrade their iOS device, they will be doing it !

IBM is also ensuring our solutions will be ready for iOS9, particularly MobileFirst Protect (MaaS360) our enterprise mobility management (EMM) service. MaaS360 clients have been testing our solution (in the production SaaS solution) for several weeks. You can see some of the new Restriction settings in the screen capture below:

You can be confident that the moment iOS 9 is available, MaaS360 will instantly support these new management capabilities. This is without any effort or upgrade charges for your organisation.

You can register for a free 30 day trial of MaaS360 at www.maas360.com and take it for a test drive within minutes.

Please contact me if you need any information on MaaS360.

Darryl

]]>https://darrylmiles.wordpress.com/2015/08/31/is-your-organisation-ready-for-ios-9/feed/0vtdarrylios9ios9_maas360Both named Gartner Leaders: IBM MobileFirst Protect (MaaS360) and IBM BigFix (Endpoint Manager)https://darrylmiles.wordpress.com/2015/06/22/both-named-gartner-leaders-ibm-mobilefirst-protect-maas360-and-ibm-bigfix-endpoint-manager/
https://darrylmiles.wordpress.com/2015/06/22/both-named-gartner-leaders-ibm-mobilefirst-protect-maas360-and-ibm-bigfix-endpoint-manager/#respondSun, 21 Jun 2015 20:36:50 +0000http://darrylmiles.wordpress.com/?p=930]]>IBM MobileFirst Protect (MaaS360) has earned IBM a leadership position in the Magic Quadrant for the 4th year in a row.

IBM was selected a Magic Quadrant leader for Enterprise Mobility Management (EMM) based on completeness of vision and ability to execute.

Likewise, it was the 4th year in a row for IBM BigFix (Endpoint Manager) to be named a leader in the Gartner Client Management Tools Magic Quadrant.

Gartner highlighted how BigFix excels in patch management, multiplatform support and overall scalability. In additional organisations also frequently use it to manage servers, particularly midsize organisations that prefer a single tool to manage PCs and servers.

]]>https://darrylmiles.wordpress.com/2015/06/22/both-named-gartner-leaders-ibm-mobilefirst-protect-maas360-and-ibm-bigfix-endpoint-manager/feed/0vtdarrylibmMobileFirstProtect_circleBlueSetting up BigFix Inventory 9.2https://darrylmiles.wordpress.com/2015/05/12/setting-up-ibm-endpoint-manager-software-usage-analysis-sua-9-2/
https://darrylmiles.wordpress.com/2015/05/12/setting-up-ibm-endpoint-manager-software-usage-analysis-sua-9-2/#respondTue, 12 May 2015 02:01:17 +0000http://darrylmiles.wordpress.com/?p=935]]>IBM BigFix (Endpoint Manager) has released a new Software Usage Analysis (SUA) module. This release includes a number of new capabilities, specifically SQL support. BigFix Inventory (or SUA) also provides IBM sub-capacity measurement capability. IBM has provided a number of installation and administration guides here. In the following article, I’ll step you through the key elements to setup SUA 9.2: Prerequisites

I’d created a new Windows 2008 R2 server to run SUA 9.2. My virtual machine had at least 8GB of memory and 2 vCPU

On the SUA server I had installed Microsoft SQL 2012 and updates

I had installed an IEM Agent and it was reporting back to the IEM server successfully.

From the SUA install screen you’ll want to choose a server which will run SUA. For small environments, SUA could run on the same server as IEM. However as you grow beyond several thousand endpoints, you’ll want to dedicate a separate server for SUA 9.2. Select that server and click Deploy Installer.

SUA 9.2 will then show you the following screen as it downloads the SUA 9.2 software and then mirrors it to that server. In my lab environment this took about 10 minutes. You can check the progress of the download by looking at the running Actions too:

On the SUA 9.2 server (my server was called SFTSGSUA9 – as it’s on Softlayer) I ran the installer setup-server-windows-x86_64.bat (as an Administrator).

During the SUA 9.2 installation, select the default including accepting the license agreement. Change the default installation path if required:

I select the default https port 9081 in my environment (you could choose another port if required)

I selected System Account and finally reviewed the settings before clicking Install

When SUA was completed I was shown the following screen:

Click on Done and a web browser is then launched to complete the SUA 9.2 configuration. You might need to click the certificate warning in your web browser. I entered the following information below to configure SUA.

After the import was completed (which did take a few hours in my lab), the SUA 9.2 application was then launched:

Back in the IEM console I could click Finish and configure it with the URL of my IEM9TSUA2 server:

Now SUA 9.2 is up and running, we’ll now setup the endpoints for SUA scanning.

Setup your Endpoints for SUA scanning

From the IEM console, select System Lifecycle. Then select Software Use Analysis, select Setup – Activate Analysis. You should see seven Analysis as shown in the example below. Activate each of these.

Next select Setup – Deploy Scanner to Endpoints and select Install Scanner, select Take Action. Select Target and select Dynamic target by property and select All Computers, if you want the scanner applied to every computer with an IEM Agent installed. Otherwise you might create a manual group (called SUA 9 clients) and select it instead. Click OK to run the Action. The scanner will then be deployed to the endpoint.

Select Setup – Schedule Scans on Endpoints. Select Initiate Software Scan. Select Target and select Dynamic target by property and select All Computers. Select the Execution tab.By default the scanning process will run every 7 days as shown below. You can change this value if you like. Select OK when complete.

Finally, select Setup – Schedule Uploads on Endpoints. Select the Upload Software Scan Results fixlet. Click OK to run the Action. Select Targetand selectDynamic target by propertyand selectAll Computers. Select the Execution tab. You’ll see below the Fixlet will run anytime new scan results are available and retry this 3 times if there is an error. Select OK when complete.

Note: As mentioned above, it’s probably a good idea to do each of the three items above on a group basis, so that as you deploy additional endpoints they’ll automatically be setup for SUA processing. Software Catalog Update You’ll want to use the latest software catalog from IBM, which we see has been automatically detected within the console. You’ll need to perform a similar task roughly every month as IBM releases new SUA catalogs. The update process is documented within the Fixlet, so check there on what you need to do, especially if you customise the catalog.

Click Upload. Then select Import Now within the SUA console and browse to the file (D:\Program Files\ibm\SUA\sua_catalog) and select the ZIP file.

Click Upload

Note: There is a Fixlet 1002 – Upgrade to the newest Software Usage Analysis 9.x catalog that can be run. This will automatically download the latest catalog to the SUA 9.2 server. The above task of applying this catalog via the SUA console is still required (thank’s David Kosenko for this information).

That’s it! SUA is now up and running and you can easily see what software is installed and being utilised in your company. If you have any problems, please post your query to the new Bigfix forum. Are you benefiting from IBM Endpoint Manager SUA? If so we’d love to hear from you. Darryl

I suggest there is another acronym that is growing in popularity, UEM or Unified Endpoint Management.

In the past, organisations ran “traditional” server management tools, which extended to managing Windows PCs. These are the traditional on-premises solutions such as IBM Endpoint Manager (IEM/BigFix), Microsoft Systems Center Configuration Manager (SCCM) etc. Some solutions such as IEM did a great job to manage a variety of new devices, even when the devices were disconnected from the office network.

As smartphones arrived, IT needed a way to provide visibility and ensure devices were secured if they were lost or stolen. So independently, new mobile device management (MDM) solutions emerged.

Some MDM solutions have since evolved to provide advanced device and data security management. These advanced solutions such as MaaS360, include secure container solutions which separate business from persons personal data. MaaS360 provides a secure container across a range of mobile form factors such as iOS, Android and Windows Phone. These solutions are what Gartner, and the industry have termed Enterprise Mobility Management or EMM solutions.

However very few EMM’s are also providing a trueUnified Endpoint Management or UEM solution. Integrated solutions which can manage new and old PCs, Macs and mobile devices. Many claim “we manage PCs and Macs”, but when you scratch below the surface, you soon realise it’s only the latest operating systems and via an initial set of management API’s in Windows 8 or Mac OS X.

MaaS360 has been managing PCs and Macs for over 10 years. So it provides a set of more advanced PC and Mac management services. Even those running Windows XP SP3!

So you can implement a SaaS solution in minutes, that can manage a wide variety of form factors from old Windows XP PCs to Microsoft SurfacePro 3, iOS, Android, Mac OS X, Windows Phone and Blackberry.

I conducted a Webinar on Thursday 27th 2014. You can register here and see a replay of the recording plus slides.

The setup is relatively straightforward and the development team have created some excellent documentation here. With some information provided by Fiberlink which is specific to your MaaS360 account, you’re ready to get started.

You start by activating the MaaS360 site and deploying the Management Extender for MaaS360. I decided to use a dedicated virtual machine which was already an IEM relay in my test environment.

The only issue I came across was the information I received wasn’t correct for my MaaS360 account. I was provided a Platform ID of 3, and the extender didn’t function after I configured it. After re-confirming this with ops@fiberlink.com, they provided a Platform ID of 5 for my account. The extender was then configured correctly, and a list of mobile devices from my MaaS360 account was displayed!

I’ve included a bunch of screen captures from the setting up the extender, to the list of devices, and drilling down to an iOS device and obtaining inventory information and sending commands to a device.

This capability allows clients to view a mixture of endpoint types from a single console. I expect more integration will be progressively released over time.